Con Edison is seeking a Cyber Incident Response System Analyst to support and strengthen our Incident Response capabilities. The position works closely with the Cybersecurity Operations Center (CSOC) and reports to the Director, Cybersecurity Operations. The selected candidate will help investigate incidents, improve detection and response processes, and contribute to maintaining a secure environment across on-premises, cloud, and operational technology (OT) systems. This role focuses on monitoring alerts, performing initial investigations, assisting with incident containment and remediation, and collaborating with senior analysts and engineers to continuously improve security posture.

Required Education/Experience

• Bachelor's Degree in computer Science or related field and 2 years of work experience in Cyber or in an IT related field. or
• Associate's Degree in computer science or related field and 4 years of relevant work experience, with at least 2 years of work experience in an IT field or
• High School Diploma/GED and 5 years of relevant work experience, with at least 3 years of work experience in an IT field.

Relevant Work Experience

• Prior Cybersecurity experience, required.
• Knowledge in using known commercial and/or open-source cyber tools, required.
• Understanding of industry standard policies, processes, and procedures, required.
• Understanding of chain of custody, required.
• Previous experience creating timelines and completing a root cause analysis, required.
• Proficiency in collecting, analyzing the evidence collected and creating reports based on the findings to different stakeholders: (Technical, Executive, etc.), required.
• Knowledge of current and evolving cyber threat landscape, required.
• Ability to remain agile and work in a fast-paced environment, required.
• Ability to handle multiple priorities effectively, required.
• Understanding of OT systems, protocols, and industrial control systems (ICS), Preferred.
• Certifications such as CompTIA Security+, CySA+, GSEC, or other entry/midlevel cybersecurity credentials, preferred.
• Familiarity with SIEM tools, EDR platforms, and network monitoring systems, preferred.
• Basic experience with scripting languages (Python, PowerShell) to automate simple tasks, preferred.
• Understanding of cloud environments (AWS, Azure, or GCP) and basic cloud security principles, preferred.
• Strong analytical thinking, attention to detail, and willingness to learn advanced incident response techniques, preferred.

Skills and Abilities

• Well organized, detail oriented and flexible to handle multiple assignments
• Demonstrated analytical skills
• Demonstrated written communication skills
• Possesses flexibility to work in a fast paced, dynamic environment

Licenses and Certifications

• Driver's License Required

Physical Demands

• Sit or stand to answer a phone for the duration of the workday
• Sit or stand to use a keyboard, mouse, and computer for the duration of the workday
• Ability to read small print and symbols

Additional Physical Demands

• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

Core Responsibilities

• Monitor and analyze security alerts from multiple sources (SIEM, EDR, network tools) to identify potential incidents.
• Assist in investigating and responding to cybersecurity incidents, following established playbooks and procedures.
• Escalate complex incidents to senior analysts and work with them to coordinate containment, eradication, and recovery actions.
• Maintain accurate incident records, timelines, and evidence for each investigation.
• Contribute to updating incident response procedures and playbooks as threats evolve.
• Support investigations in cloud and network environments using logs, packet captures, and threat intelligence sources.
• Identify potential indicators of compromise and collaborate with other teams to validate findings.
• Participate in postincident reviews to capture lessons learned and suggest improvements to detection and response processes.
• Assist in implementing recommendations to strengthen security controls.
• Work closely with SOC analysts, threat hunters, and engineers to build investigative and analytical skills.
• Stay current with emerging threats, attack techniques, and industry best practices to enhance response capabilities.